매달, 우리는 1000명 이상의 사람들이 시험 준비를 잘하고 시험을 잘 통과할 수 있도록 도와줍니다.
SailPoint Certified IdentityIQ Associate Exa 온라인 연습
최종 업데이트 시간: 2026년06월04일
당신은 온라인 연습 문제를 통해 SailPoint IdentityIQ-Associate 시험지식에 대해 자신이 어떻게 알고 있는지 파악한 후 시험 참가 신청 여부를 결정할 수 있다.
시험을 100% 합격하고 시험 준비 시간을 35% 절약하기를 바라며 IdentityIQ-Associate 덤프 (최신 실제 시험 문제)를 사용 선택하여 현재 최신 71개의 시험 문제와 답을 포함하십시오.
정답:
Explanation:
Yes. In SailPoint IdentityIQ, some application connectors include predefined schema information because the structure of accounts and groups on those target systems is well known to the connector. When an application is created and a specific connector type is selected, IdentityIQ may automatically populate schema elements such as the account schema, native identity attribute, display attribute, common account attributes, and sometimes group or entitlement schema definitions. This is common for standard connectors where the managed system has a predictable object model.
However, predefined does not mean final or immutable. The application administrator must still review and adjust the schema to ensure it accurately represents the implementation, including which attributes are aggregated, which attributes are searchable, which attributes are entitlements, and which attributes are used for identity correlation. Other connector types, such as generic JDBC, delimited file, or custom connectors, may require more manual schema definition.
This statement is therefore accurate because connector selection can provide default schema structure.
Reference topics: Applications, connector selection, account schema, group schema, schema attributes, aggregation configuration, and application definition.
정답:
Explanation:
The statement is false. In SailPoint IdentityIQ, connectivity settings are determined by the connector selected for the application definition. An application represents an authoritative source, target system, or managed resource, and the connector defines how IdentityIQ communicates with that system. Because different connectors use different communication models, their required configuration fields are not universal.
For example, an LDAP or Active Directory connector commonly requires server connection details such as host, port, credentials, and search base configuration. A JDBC-based connector may require a JDBC URL, driver class, database credentials, and SQL-related configuration. A delimited file connector does not require a hostname because it reads account and entitlement data from a file location rather than connecting to a network service. Similarly, cloud or API-based connectors may require endpoint URLs, tokens, client credentials, or tenant-specific settings instead of a simple hostname field.
Therefore, hostname cannot be considered a required connectivity setting for every connector type. Required settings are connector-dependent and appear according to the selected connector’s configuration model.
Reference topics: Applications, connector selection, application definition, connector-dependent settings, schema configuration, and aggregation prerequisites.
정답:
Explanation:
The statement is not accurate as written. In IdentityIQ LifeCycle Manager, allowing users to request a new account on an application does not automatically mean they can request an additional account on that same application. These are related but distinct account request scenarios. A new account request typically applies when an identity does not already have an account on the target application. An additional account request applies when an identity already has an account and the application is configured to support more than one account for the same identity.
Whether additional accounts are available depends on the application’s account model, connector support, application configuration, request configuration, and provisioning policy behavior. Some applications support only one account per identity; in those cases, IdentityIQ may allow creation of the initial account but not allow a second or additional account. Manage Accounts can expose account lifecycle actions such as create, modify, enable, disable, unlock, delete, or request additional accounts, but only when the underlying application and IdentityIQ configuration support those operations.
Reference topics: User-Driven Requests ― account request types and operations; Applications ― connector and application settings; Provisioning ― provisioning policies and account creation behavior.
정답:
Explanation:
The statement is accurate. In SailPoint IdentityIQ LifeCycle Manager, the Manage Accounts feature is used for account-level request operations. It allows authorized users to request account changes on connected applications, including requesting an additional account when the target application and IdentityIQ configuration support multiple or additional accounts for the same identity.
This capability is controlled through the application definition, request configuration, QuickLink availability, provisioning policies, and workflow approvals. When an application supports additional accounts, IdentityIQ can present account-request options that allow the requester to create another account rather than only modifying or removing an existing one. The request is then converted into a provisioning plan, routed through configured approval logic, and fulfilled either automatically through the connector or manually through a work item.
This is different from requesting entitlements alone. Manage Accounts focuses on account lifecycle operations such as create, modify, delete, enable, disable, or unlock, depending on connector and application support. Therefore, allowing users to request additional accounts on applications configured to support them is a valid Manage Accounts function.
Reference topics: User-Driven Requests ― account request types and operations; Provisioning ― provisioning plans and provisioning policies; Applications ― application configuration and connector support.
정답:
Explanation:
The statement is false. In SailPoint IdentityIQ, account attributes are updated through application aggregation, not through the Identity Refresh task. Account attributes belong to account links for a specific application and are defined in that application’s account schema. When an aggregation task runs, IdentityIQ connects to the target application using the application definition and connector configuration, reads account data, and updates the account/link attributes stored in IdentityIQ.
The Identity Refresh task performs a different function. It operates on IdentityCubes and recalculates identity-level information using data already present in the IdentityIQ repository. Identity Refresh can update identity attributes, refresh role assignments, evaluate policies, process lifecycle events, update manager relationships, and recalculate governance state. It does not directly re-read account attribute values from connected systems.
This distinction is central to IdentityIQ’s data model: account attributes describe accounts on applications, while identity attributes describe the consolidated user identity. Therefore, account attribute updates come from aggregation, while identity attribute updates may occur during Identity Refresh.
Reference topics: Applications ― application account schema and aggregation; Identity Modeling ― identity attributes versus account attributes; Identity Refresh task options.
정답:
Explanation:
The statement is true. In SailPoint IdentityIQ, identity attributes are stored on the IdentityCube and represent normalized information about a user. These attributes describe the identity at the governance level rather than describing a single account on a connected application. Common examples include first name, last name, email, department, location, job title, employee number, manager, lifecycle state, and status.
Identity attributes are important because IdentityIQ uses them throughout identity governance processes. They support identity correlation, manager correlation, certification scoping, policy evaluation, role assignment, lifecycle events, access request routing, reporting, and population or group membership. Identity attributes may be sourced from an authoritative application, derived from account data, calculated through rules, or refreshed through Identity Refresh processing.
This differs from account attributes, which are defined in an application account schema and belong to a specific application account link. Identity attributes provide the consolidated user profile that IdentityIQ uses to make governance decisions.
Reference topics: Identity Modeling ― IdentityCubes, identity attributes versus account attributes, manager correlation, Identity Refresh options.
정답:
Explanation:
The statement is false. In IdentityIQ, an account attribute is defined within a specific application account schema and represents data stored on an account link for that application. Its value is obtained from the account data aggregated from that particular application connector.
For example, an account attribute such as memberOf, department, title, or accountStatus belongs to the account schema of a defined application and is populated from that application’s aggregation results.
The concept of sourcing values from several applications applies more directly to identity attributes, not account attributes. Identity attributes reside on the IdentityCube and may be derived from authoritative sources, account links, rules, mappings, or precedence logic across multiple applications. IdentityIQ uses identity attribute configuration to normalize data such as department, location, manager, email, or lifecycle state at the identity level.
Therefore, while multiple applications may contain similarly named account attributes, each account attribute value is tied to its own application account schema and account link. It is not a single shared account attribute sourced from several applications.
Reference topics: Applications ― account schema attributes; Identity Modeling ― identity attributes versus account attributes; Identity Refresh ― updating IdentityCube attributes.
정답:
Explanation:
The statement is true. In SailPoint IdentityIQ, account attributes are defined on the application’s account schema. The application definition tells IdentityIQ how to represent accounts from a connected source, and the account schema specifies which attributes exist on those accounts. Examples may include account ID, display name, email, status, department, groups, roles, permissions, or other source-specific fields returned by the connector during aggregation.
This is distinct from identity attributes, which are stored on the IdentityCube and represent normalized identity-level data used across IdentityIQ. Account attributes belong to application account links, while identity attributes belong to the identity model. During aggregation, IdentityIQ reads account data according to the application schema and stores the discovered values as account/link attributes. Some account schema attributes may also be marked as managed when their values represent entitlement-like access that should be governed through the Entitlement Catalog.
Therefore, account attributes are correctly defined in the application account schema.
Reference topics: Applications ― application definitions, account schema attributes, schema attribute properties; Identity Modeling ― identity attributes versus account attributes; Access Modeling ― managed attributes and entitlement catalog.
정답:
Explanation:
Yes. Granting an IdentityIQ capability is a valid way to provide access to additional functions within SailPoint IdentityIQ, including areas such as Advanced Analytics. Capabilities are part of IdentityIQ’s internal authorization model. They determine what a logged-in user is allowed to see and perform inside the IdentityIQ interface, such as administration, reporting, certification administration, role management, policy management, or advanced search and analysis functions.
Advanced Analytics searches are IdentityIQ functions, not external application permissions. Therefore, access to those search types is governed by IdentityIQ security controls, including capabilities, rights, and in some deployments, scoping. This is different from granting access on a connected application, which would be handled through accounts, entitlements, roles, access requests, and provisioning.
The key distinction is that capabilities grant authority inside IdentityIQ itself. They do not directly modify a user’s access on a target system. Providing access to different types of Advanced Analytics searches is therefore an appropriate reason to assign an IdentityIQ capability.
Reference topics: Identity Modeling ― how IdentityIQ access is granted to users; Foundational Concepts ― common IdentityIQ objects and components; Governance ― analytics and access visibility.
정답:
Explanation:
No. IdentityIQ capabilities are used to control what a user can do inside SailPoint IdentityIQ, not to grant elevated permissions on a connected target application. A capability defines access to IdentityIQ functions such as administration, reporting, certification management, policy management, role management, access request functions, or other internal product features. Capabilities are part of IdentityIQ’s internal authorization model and determine which menus, pages, actions, and administrative operations a logged-in IdentityIQ user may perform.
Elevated permissions on a connected application must be granted through governed access, such as requesting or provisioning an account, entitlement, role, or permission on that target system. That process is handled through access requests, approval workflows, provisioning plans, connector operations, and application-specific provisioning policies.
For example, adding a privileged group in Active Directory or assigning an administrative application role would be modeled as target-system access, not as an IdentityIQ capability.
Therefore, granting an IdentityIQ capability is appropriate when the user needs additional permissions within IdentityIQ itself, not when they need elevated access on an external connected application.
Reference topics: Identity Modeling ― how IdentityIQ access is granted to users; User-Driven Requests ― access requests; Provisioning ― target application access fulfillment.
정답:
Explanation:
The statement is true. In SailPoint IdentityIQ, the Identity Refresh task is used to recalculate and update identity-level data stored on IdentityCubes. One of its core functions is refreshing identity attributes, which are the normalized identity fields IdentityIQ uses for governance, correlation, lifecycle processing, certifications, policy evaluation, role assignment, and reporting. These attributes may originate from authoritative sources, account links, rules, mappings, or configured identity attribute definitions.
When the Identity Refresh task runs with the appropriate options selected, IdentityIQ evaluates the configured identity attribute mappings and updates the IdentityCube accordingly. This ensures that changes from authoritative data or aggregated account information are reflected at the identity level.
For example, department, manager, location, job title, status, or lifecycle state may be recalculated and stored on the IdentityCube for downstream governance processes.
This task is different from aggregation. Aggregation collects account and entitlement data from applications, while Identity Refresh updates IdentityIQ’s internal identity model using the data already stored in the repository.
Reference topics: Identity Modeling ― IdentityCubes, identity attributes, manager correlation, and common Identity Refresh task options.
정답:
Explanation:
The statement is false. The Identity Refresh task does not execute aggregation rules configured on an application definition. Aggregation rules are part of the application aggregation process, where IdentityIQ connects to a source system, reads account or group data, applies connector and application-level processing, and stores account links, entitlement values, and related data in the IdentityIQ repository.
The Identity Refresh task operates after data is already present in IdentityIQ. Its function is to update IdentityCubes and recalculate identity-level governance information. Depending on selected options, Identity Refresh may update identity attributes, refresh role assignments, detect assigned or detected roles, evaluate policies, process lifecycle events, refresh manager relationships, or recalculate risk and access-related identity state.
Application aggregation and identity refresh are separate task functions. Aggregation obtains and normalizes data from applications; Identity Refresh interprets and recalculates identity governance state using that aggregated data. Therefore, rules tied specifically to aggregation on the application definition are execute during aggregation, not during Identity Refresh.
Reference topics: Identity Modeling ― Identity Refresh task options; Applications ― aggregation rules and application definitions; Foundational Concepts ― tasks and workflows.
정답:
Explanation:
The statement is false. The Identity Refresh task does not use application definitions to determine how to connect to native target systems. That function belongs to application aggregation and connector-based operations. In IdentityIQ, an application definition contains the connector configuration, schemas, correlation settings, aggregation options, and provisioning-related settings required for IdentityIQ to communicate with a managed system.
The Identity Refresh task operates primarily on identity data already present inside IdentityIQ. It updates IdentityCubes by recalculating identity attributes, refreshing role assignments and detections, evaluating policies, processing lifecycle events, updating manager relationships, and applying selected identity model calculations. It is typically run after aggregation or configuration changes so that identity-level governance data reflects current account and entitlement information.
Therefore, connecting to native systems is not the purpose of Identity Refresh. IdentityIQ connects to native systems through aggregation tasks or provisioning operations that reference the application definitions and connectors. Identity Refresh consumes the resulting identity, account, entitlement, and application link data within the IdentityIQ repository.
Reference topics: Identity Modeling ― Identity Refresh options; Applications ― application definitions and connector settings; Foundational Concepts ― tasks versus workflows; Provisioning ― connector-based fulfillment.
정답:
Explanation:
The statement is false. The Identity Refresh task is used to update and recalculate identity-related data in IdentityIQ, not to manage open work item reminders. Its purpose is to refresh IdentityCubes after aggregation or identity data changes. Depending on selected task options, Identity Refresh can recalculate identity attributes, apply correlation-related updates, refresh role assignments and detections, evaluate policies, process lifecycle events, update risk-related data, and ensure that the identity model reflects the current state of authoritative and application data.
Open work items belong to IdentityIQ’s workflow and governance execution layer. Reminders, escalations, expirations, and related work item follow-up behavior are handled through work item configuration, workflow behavior, certification configuration, and maintenance-style processing rather than the Identity Refresh task. Although Identity Refresh may trigger downstream actions such as lifecycle events or policy evaluation, it is not the task responsible for notifying users about pending approvals or review items.
Therefore, sending reminders for open work items is outside the purpose of Identity Refresh.
Reference topics: Identity Modeling ― common Identity Refresh options; Foundational Concepts ― tasks versus workflows; Governance ― work items, certifications, reminders, and escalation behavior.
정답:
Explanation:
The statement is true. In SailPoint IdentityIQ, group factories are used to generate identity groups dynamically based on identity attribute values or configured grouping logic. A group factory defines the rule or attribute basis for grouping identities, but the actual creation or refresh of the resulting groups occurs when the appropriate task is executed.
For example, a group factory might be configured to create groups by department, location, cost center, or business unit. When the task
runs, IdentityIQ evaluates identities against the factory definition and creates or updates the corresponding groups.
This differs from populations, which are typically defined sets of identities used for targeting, filtering, reporting, or governance scoping. Group factories are more generation-oriented because they can produce multiple group objects from identity data. The task execution step is important because it materializes the groups so they can be used in IdentityIQ operations.
Therefore, new groups can be created as a result of executing a task tied to group factory processing.
Reference topics: Identity Modeling ― groups and populations, group factories, identity grouping, and task-driven group creation.